The Dopefly Tech Blog

Monty Python Uses Correct 3-Factor Authentication

posted under category: General on January 10, 2013 at 1:00 am by MrNate

Let's talk movies and security for a minute. Obviously Hollywood has proven they don't know computers, don't know hackers and don't know security. They know fun stories and special effects, but there have been more awful portrayals of computing than good ones.

Single-factor authentication has been deemed bad form on the internet, and it is easily bypassed in movies. We have all seen the scene where someone knows the password or cuts off a thumb for the fingerprint scanner. That's simply not enough security. In real life, most passwords in use are plucked out of the lists of most-used passwords. A single password is easy to guess, which is obvious from how often people get their accounts 'hacked'. Single-factor authentication is simply not good enough.

Two-factor authentication is better, but not perfect. Again, there are movies where voice and eye prints are stolen, or a password is guessed and a fake thumbprint is used. In reality, two-factor authentication usually shows up as web sites that send you a text message or email when you first log in from a new device, and you have to enter the code from that separate message. It is a huge step forward because now it's something you know (password) and something you have (access to the email or phone). However, if one account has been taken, how can you ensure a hacker has not also obtained access to your email? It's not foolproof, but it's much closer.

Three-factor authentication means "something you know" (password), "something you have" (email/phone/badge/fob), and "something you are" (finger/eye/hand print, face scan, etc.). If anyone in any movie actually used this, the bad guys would win a whole lot less. Think about it. Taking a finger with you is not enough, because you still need their password. Guessing the password and hacking their email account still means you are missing the physical person. Stealing a badge leaves you lacking as well.

In Monty Python and the Holy Grail, at the Bridge of Death over the Gorge of Eternal Peril, the bridgekeeper asks three very important questions. Let's look at them:

1. What is your name? In authentication terms, he wants "something you are."

2. What is your quest? Could be interpreted as "something you have," though to be specific, this is something you do not have.

3. What is your favorite color? What is the capital of Assyria? Without a doubt, "something you know."

When you think of computing and movies, Monty Python has all of Hollywood beat. You heard it here first, folks.

It may not be the brightest blog post ever, but at least I'm blogging. Also, I wanted to say that this post was inspired by my eternal hatred for Sandra Bullock's 1995 thriller 'The Net' and its use of the worst understanding of computing, the internet and security, ever.